Web Application (LAMP*) Security Attack and Defense for System Administrators. *LAMP (linux, apache, mysql, php/perl/python) application security.
|
|
- MargaretMargaret Booth
- 6 years ago
- Views:
Transcription
1 Web Application (LAMP*) Security Attack and Defense for System Administrators *LAMP (linux, apache, mysql, php/perl/python) application security.
2 A little intro Robert Rowley Security/Abuse
3 Backups! They are the first priority. They cover your ass. Asset for quick code comparison. Have multiple backups (off site preferably) Store on read-only media (WORM; write once read many) Don't assume anyone else is already handled it. But how should I back up my data?
4 Beyond the basics. Try a version control option rsync/tar work fine, but CVS, SVN, GIT, etc... can do more! Use them, master them, love them. They not only allow you to identify and quickly correct bugs, flaws, etc... caused by bad code (and help you identify bad coders). They can be used to mitigate attacks, allowing quick distribution of clean code. Not only for code! Use SVN for configuration files, etc.. Having a code repository does not mean you do not need to keep backups! Backup your repository too (now use rsync/tar etc..)!
5 Scenario: Assessing and securing a (LAMP) web application as soon as possible when changing code is not an option. Attack Defense (Hired Pen test) (Sys Admin) Cross Site Scripting (XSS) Application level (mod_sec) SQL injection Network level (snort) Insecure Code File tampering detection
6 Attack: Cross Site Scripting (XSS) Type 1: Reflected attacks The payload exists in the URL and the server side code re-prints the malicious content. (echo $_GET['varname'];) Type 2: Stored attacks The XSS payload is stored on the server (in MySQL, files etc..) and every subsequent request to the same page displays the injected payload. Type 3: DOM attacks Adjusting DOM attributes on the client's browser directly. (When designers go bad! javascript adjust data directly, nothing is actually handled in the server side code itself) Affect: Anyone who visits the page/link is initiating an attack on third party web servers Mis-information, changing/reposting information on a credible website Leaked information (javascript can access cookie information, HTTP variables etc..)
7 Leads to: Leads to: This really is just fun stuff, know enough javascript and you can cause major havoc or do a 0 height iframe for click jacking
8 FUN
9 XSS recap While limited in it's abilities, that is it's strength. Most developers do not consider XSS a security risk leaving a plethora of vulnerable sites. Familiarize yourself with the slight differences between persistent, reflected and DOM XSS attacks Study javascript and be multiple browser compliant.
10 Defense: mod_security Apache module to quickly mitigate and prevent identified attacks.
11 You will need to first install mod_security and then include it in your apache configuration. Instructions vary, but modsecurity.org has what you will need. (example httpd.conf changes after the.so has been compiled) LoadModule security2_module modules/mod_security2.so SecRuleEngine On Include conf/modsecurity.conf... Now all you will need are rules! There are extensive rule sets available at gotroot.com and owasp.org but... it is always best to roll your own. Here is a list of variables you will have available to scan/review: ARGS ARGS_COMBINED_SIZE ARGS_NAMES REQBODY_PROCESSOR REQBODY_ERROR REQBODY_ERROR_MSG XML WEBSERVER_ERROR_LOG FILES FILES_TMPNAMES FILES_NAMES FILES_SIZES FILES_COMBINED_SIZE ENV REMOTE_HOST REMOTE_ADDR REMOTE_PORT REMOTE_USER PATH_INFO QUERY_STRING AUTH_TYPE SERVER_NAME SERVER_ADDR SERVER_PORT TIME_YEAR TIME_EPOCH TIME_MON TIME_DAY TIME_HOUR TIME_MIN TIME_SEC TIME_WDAY TIME REQUEST_URI REQUEST_URI_RAW REQUEST_LINE REQUEST_METHOD REQUEST_PROTOCOL REQUEST_FILENAME REQUEST_BASENAME SCRIPT_FILENAME SCRIPT_BASENAME SCRIPT_UID SCRIPT_GID SCRIPT_USERNAME SCRIPT_GROUPNAME SCRIPT_MODE ENV REQUEST_HEADERS REQUEST_HEADERS_NAMES REQUEST_COOKIES REQUEST_COOKIES_NAMES REQUEST_BODY RESPONSE_LINE RESPONSE_STATUS RESPONSE_PROTOCOL RESPONSE_HEADERS RESPONSE_HEADERS_NAMES RESPONSE_BODY RULE SESSION WEBAPPID SESSIONID USERID
12 Here is a quick rule to stop those simple script/iframe injections via the WP comment form: (contents of conf/modsecurity.conf) SecRule REQUEST_FILENAME wp-comments-post.php chain,deny SecRule ARGS:comment "(<script <iframe)" Check if the requested filename is wp-comments-post.php and chain (continue checking) with the next rule... Check if the argument (POST or GET) named comment has the string <script or <iframe. If both are true then take the specified action (deny) Over-zealous version: SecRule ARGS "(<script <iframe)" deny Any argument (POST/GET variable) that matches the pattern <script or <iframe will be denied.
13 Remember from earlier? Leads to: Leads to:
14 mod_security recap Pro Prevents attacks from succeeding Application level access (no worries about SSL needing to be intercepted/decrypted) Con Only as powerful as the rules used Bad rules will create false positives. Very flexible rule sets Extendibility with scripting (something for another time) Detectable by attackers, who can adjust their attacks (something for another time)
15 Attack: SQL injection Do (almost) anything you want to the database!
16 SQL injection with photoracer plugin.
17 Simplest form, just add a union statement added to one of the GET/POST variables that gets appended to the select query
18 Here is what went wrong in the code: 16 $imgid = $_REQUEST['id']; 17 $q1 = "SELECT raceid, wpuid, imgid, imgpath, imgname, imgcomment, sumvotes, imgcountview, tinsert FROM ". 18 $wpdb->prefix."photoracer WHERE imgid=$imgid"; $out = $wpdb->get_row($q1); "da :".get_author_name($out->wpuid)."<br/>". $out->imgcomment."<br/>". Expected SQL statement: SELECT raceid, wpuid, imgid, imgpath, imgname, imgcomment, sumvotes, imgcountview, tinsert FROM wp_photoracer WHERE imgid=10 Injected SQL statement: SELECT raceid, wpuid, imgid, imgpath, imgname, imgcomment, sumvotes, imgcountview, tinsert FROM wp_photoracer WHERE imgid=-1 union select 0,1,2,3,4,user_login,6,7,8 from wp_users--
19 But wait... there is more. Let's get some password hashes!
20 SQL injection recap Requires an understanding of SQL statements Very noisy if the database structure is not known Time consuming (if not automated) Can do more than SELECT based on user's privileges! (DROP, ALTER, CREATE, GRANT statements are all possible.)
21 DEFENSE: IDS/IPS (snort and more) Excellent method to monitor network traffic and retrieve information on attacks. Don't forget your whitelist!
22 Snort is a widely used IDS (intrusion detection system) Lightweight Large user base for example rulesets and help Snort can detect more than just web application attacks (unlike mod_security.) Setup is easy: download, compile, configure, monitor and update! By itself snort will only log the attacks for review, plugins like SnortSam/Guardian.pl will turn snort into a powerful IPS (intrusion prevention system)
23 Example code to detect the SQL injection attack: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( msg:"sql-injection photoracer Sql Injection attempt"; flow:to_server,established; uricontent:"viewimg.php"; nocase; uricontent:"id="; uricontent:"union"; nocase; uricontent:"select"; nocase; classtype:web-application-attack; sid: ; rev:2;) (detects /viewimg.php... id=...union...select... What the attack looks like in the logs: [**] [1: :2] SQL-INJECTION photoracer Sql Injection attempt [**] [Classification: Web Application Attack] [Priority: 1] 08/08-23:26: : > :80 TCP TTL:55 TOS:0x0 ID:63052 IpLen:20 DgmLen:444 DF ***AP*** Seq: 0x4A59450C Ack: 0x9CB41D1A Win: 0x16D0 TcpLen: 20
24 SNORTSAM/Guardian.pl These scripts watch the snort log files, upon evidence of an attack they will use iptables/ipfwadm etc... to firewall the attacker's IP. The most important thing to remember is: whitelist your system's IP if you plan to test new rules. (this prevents you from locking yourself out of the server) Example: Using a script like snortsam/guardian.pl the attacker's IP is blocked. # iptables -n -L Chain INPUT (policy ACCEPT) target prot opt source DROP all destination /0...
25 Snort recap Pros Cons Lightweight Only as good as your rules Runs independently False positives Powerful as an IDS or IPS Can become very daunting to customize Requires third party scripts to be an IPS Network level can see more than application level(mod_security) Large user base, lots of help available As an IPS will stop the attacker in their tracks (at least their IP) False positives when running a IPS may leave your IP blocked, don't forget to whitelist yourself!
26 Attack: Code Vulnerability Code can be attacked! The #1 fault is, trusting user input. RISK: Attackers get to do whatever they want.
27 Attack: Badly Coded Upload form! Allowing people to upload files willy nilly will get you compromised quickly. RISK: Allowing users to upload executable files (.php.pl.cgi etc..) or even.html files is giving away the keys to the castle.
28 // Where the file is going to be placed $target_path = "images/"; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path. basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_files['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } The flaw? No checking the file's extension or checking if it is really an image image, movie, etc... Find any php shell ( and upload for FUN!
29 The upload page Example backdoor
30 DEFENSE: File monitoring inotify also: (tripwire, fschange, kqueue utilities etc..)
31 Inotify an you... Kernel module (released in ) Monitors file system changes Improvement from dnotify Inotify-tools, incron, iwatch, pynotify
32 inotify-tools libinotifytools inotifywait inotifywatch
33 inotify/incron quick and easy 1. Verify your kernel has inotify enabled, install incrond 2. Setup incrontab to monitor fies/directores i. (directory) (mask) (command) 3. Start/Restart incrond Example incrontab: /home/user/website IN_CREATE mail -s 'File created!'
34 More about masks IN_ACCESS IN_ATTRIB IN_CLOSE_WRITE IN_CLOSE_NOWRITE IN_CREATE IN_DELETE IN_DELETE_SELF IN_MODIFY IN_MOVE_SELF IN_MOVED_FROM IN_MOVED_TO IN_OPEN File was accessed (read) Metadata changed (permissions, timestamps, extended attributes, etc.) File opened for writing was closed File not opened for writing was closed File/directory created in watched directory File/directory deleted from watched directory Watched file/directory was itself deleted File was modified Watched file/directory was itself moved File moved out of watched directory File moved into watched directory File was opened
35 Passing Variables The command may contain these wildcards: $$ - a dollar sign $@ - the watched filesystem path (see above) $# - the event-related file name $% - the event flags (textually) $& - the event flags (numerically) Example incron entry: /directory/to/watch IN_MODIFY /path/to/script $@/$# This will execute the script and pass it the file name which triggered the rule
36 A diff erent solution... Compare your live data to a backup! A utility you are probably familiar with diff can do this for you. Just run diff -r (live directory) (backup directory) You will receive a report of file differences.
37 DEFENSE: Forensics It's Logs, it's Logs It's better than bad, it's good. Logs, logs, logs!
38 Useful logs: Apache (website) Auth.log, FTP.log Syslog / messages Specific IDS logs Tools to know: Grep Awk Perl/shell scripting
39 Coorealation of timestamps is key (most of the time) Use NTP or a central logging server. Previous attack (detected by tripwire) Modified object name: /home/user/website/upload/images/c100.php Property: Expected Observed * Inode Number * Modify Time Sun 15 Aug :24:38 PM PDT Sun 15 Aug :26:49 PM PDT * Change Time Sun 15 Aug :24:38 PM PDT Sun 15 Aug :26:49 PM PDT Data found in the logs: debian:~/apache_logs$ grep 18:24: wp-access.log [15/Aug/2010:18:24: ] "POST /upload/uploader.php HTTP/1.1" 200 Confirm the file exists on the server: debian:~$ ls -la /home/user/website/upload/images/c100.php -rw-r--r-- 1 www-data www-data :26 /home/user/website/upload/images/c100.php
40 Wrap up Writing secure code will prevent the need for all of this. Until that day comes, enjoy what you have learned and apply it. Attacks are mostly automated; happening daily, hourly, right now...
41 From here on out... You're on your own to continue researching the subject matters covered briefly in this talk. I have a list of URLs you are free to copy, as well as ideas for more talks if anyone wants to throw their hat in the ring. Writing secure code! Penetration testing! Why your firewall is racist. SELECT MBA!= DBA.
42 Further reading! General Security (Excellent resource for many security topics) (Pay attention to the latest security concerns) (Exploit/tools resource) Snort (IDS) (Turns snort into an IPS) mod_security (Web application level firewall) (mod_security rule list) inotify (file change detection) (incron etc..) (inotify toolset) Cross Site scripting: (Cross site scripting attacks archive) Backdoor web shells: (list of backdoor shells) SQL Injection (plenty of information available)
WEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationExcerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt
Excerpts of Web Application Security focusing on Data Validation adapted for F.I.S.T. 2004, Frankfurt by fs Purpose of this course: 1. Relate to WA s and get a basic understanding of them 2. Understand
More informationModSecurity Reference Manual
Version 2.1.4 / (November 27, 2007) Copyright 2004-2007 Breach Security, Inc. (http://www.breach.com) Table of Contents Introduction...7 HTTP Traffic Logging...7 Real-Time Monitoring and Attack Detection...7
More informationMODSECURITY HANDBOOK. The Complete Guide to the Popular Open Source Web Application Firewall. Ivan Ristiæ
MODSECURITY HANDBOOK The Complete Guide to the Popular Open Source Web Application Firewall Ivan Ristiæ ModSecurity Handbook Ivan Ristiæ ModSecurity Handbook by Ivan Ristiæ Copyright 2010 Feisty Duck Limited.
More informationIntrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng
Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Internet Security Mechanisms Prevent: Firewall, IPsec, SSL Detect: Intrusion Detection Survive/ Response:
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationModSecurity 2.0 Webcast: Answers To Common Questions
ModSecurity 2.0 Webcast: Answers To Common Questions Who am I? Breach Security ModSecurity Community Manager Director of Application Security Training Courseware Developer/Instructor for the SANS Institute
More informationInformation Security. Gabriel Lawrence Director, IT Security UCSD
Information Security Gabriel Lawrence Director, IT Security UCSD Director of IT Security, UCSD Three Startups (2 still around!) Sun Microsystems (Consulting and JavaSoftware) Secure Internet Applications
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationChapter 7. Network Intrusion Detection and Analysis. SeoulTech UCS Lab (Daming Wu)
SeoulTech UCS Lab Chapter 7 Network Intrusion Detection and Analysis 2015. 11. 3 (Daming Wu) Email: wdm1517@gmail.com Copyright c 2015 by USC Lab All Rights Reserved. Table of Contents 7.1 Why Investigate
More informationLet me secure that for you!
Let me secure that for you! Appsec AU, 9 Sept 2017 Kirk Jackson @kirkj lmstfu.com @LetMeSecureThat This talk is not about RedShield! We are the world's first web application shielding-with-a-service cybersecurity
More informationdnotify's interface to user space is signals. Yes, seriously, signals!
1 of 9 6/18/2006 8:49 PM Kernel Korner Intro to inotify Robert Love Abstract Applications that watch thousands of files for changes, or that need to know when a storage device gets disconnected, need a
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More information"The Core Rule Set": Generic detection of application layer attacks. Ofer Shezaf OWASP IL Chapter leader CTO, Breach Security
"The Core Rule Set": Generic detection of application layer attacks Ofer Shezaf OWASP IL Chapter leader CTO, Breach Security About Breach Security, Inc. The market leader in web application security Headquarters
More informationThis slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in
1 This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in terms of prevalence (how much the vulnerability is widespread),
More informationOSSIM Fast Guide
----------------- OSSIM Fast Guide ----------------- February 8, 2004 Julio Casal http://www.ossim.net WHAT IS OSSIM? In three phrases: - VERIFICATION may be OSSIM s most valuable contribution
More informationYou can also set the expiration time of the cookie in another way. It may be easier than using seconds.
What is a Cookie? A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will
More informationFighting bad guys with an IPS from scratch
Fighting bad guys with an IPS from scratch Daniel Conde Rodríguez BS Computer Engineer PCAE - LFCS Webhosting Service Operations Team Coordinator Acens (Telefónica) @daconde2 www.linkedin.com/in/daniconde
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationApplication security : going quicker
Application security : going quicker The web application firewall example Agenda Agenda o Intro o Application security o The dev team approach o The infra team approach o Impact of the agility o The WAF
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationJohn Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
More informationModSecurity2 Installation, and Configuration
ModSecurity2 Installation, and Configuration Hi, I actually searched a lot of times through Mr. Google looking for a ModSecurity2 HOWTO, but unfortunately I didn't find any. So I decided to write this
More informationGUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.
Report on IRONWASP Software Product: IronWASP Description of the Product: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing.
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationSome Facts Web 2.0/Ajax Security
/publications/notes_and_slides Some Facts Web 2.0/Ajax Security Allen I. Holub Holub Associates allen@holub.com Hackers attack bugs. The more complex the system, the more bugs it will have. The entire
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationWeb Vulnerabilities. And The People Who Love Them
Web Vulnerabilities And The People Who Love Them Me Tom Hudson Technical Trainer at Sky Betting & Gaming TomNomNom online Occasional bug hunter Lover of analogies Lover of questions Insecure Direct Object
More informationAdvanced Web Application Defense with ModSecurity. Daniel Fernández Bleda & Christian Martorella
Advanced Web Application Defense with ModSecurity Daniel Fernández Bleda & Christian Martorella Who we are? (I) Christian Martorella: +6 years experience on the security field, mostly doing audits and
More informationWeb Application Firewall (WAF) Evasion Techniques
themiddle Follow Security Researcher Dec 7, 2017 9 min read A typical kit used by pentesters during a WAPT :) Web Application Firewall (WAF) Evasion Techniques I can read your passwd le with: /???/??t
More informationCyberP3i Hands-on Lab Series
CyberP3i Hands-on Lab Series Lab Series using NETLAB Designer: Dr. Lixin Wang, Associate Professor Hands-On Lab for Application Attacks The NDG Security+ Pod Topology Is Used 1. Introduction In this lab,
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationPHP-security Software lifecycle General Security Webserver security PHP security. Security Summary. Server-Side Web Languages
Security Summary Server-Side Web Languages Uta Priss School of Computing Napier University, Edinburgh, UK Copyright Napier University Security Summary Slide 1/15 Outline PHP-security Software lifecycle
More informationModSecurity 2.0 Webcast: Answers To Common Questions
ModSecurity 2.0 Webcast: Answers To Common Questions Who am I? Breach Security ModSecurity Community Manager Director of Application Security Training Developing ModSecurity Courses and a Certification
More informationOverview of Firewalls. CSC 474 Network Security. Outline. Firewalls. Intrusion Detection System (IDS)
CSC 474 Network Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) 1 Outline Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS Anomaly detection
More informationSECURE CODING ESSENTIALS
SECURE CODING ESSENTIALS DEFENDING YOUR WEB APPLICATION AGAINST CYBER ATTACKS ROB AUGUSTINUS 30 MARCH 2017 AGENDA Intro - A.S. Watson and Me Why this Presentation? Security Architecture Secure Code Design
More informationWeb 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007
Web 2.0 and AJAX Security OWASP Montgomery August 21 st, 2007 Overview Introduction Definition of Web 2.0 Basics of AJAX Attack Vectors for AJAX Applications AJAX and Application Security Conclusions 1
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationANTIVIRUS SITE PROTECTION (by SiteGuarding.com)
ANTIVIRUS SITE PROTECTION (by SiteGuarding.com) USER GUIDE Version 1.0.0 Antivirus Site Protection (by SiteGuarding.com) 1.0.0 1 Table of content 1. INTRODUCTION. 3 2. HOW IT WORKS.... 6 3. HOW TO CONFIGURE..
More informationJacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013
Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013 Welcome Back! A Quick Recap of the Last Presentation: Overview of web technologies. What it is. How it works. Why it s attractive
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationSecurity principles Host security
Security principles Host security These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host Security:
More informationProject 2: Web Security
EECS 388 September 30, 2016 Intro to Computer Security Project 2: Web Security Project 2: Web Security This project is due on Thursday, October 13 at 6 p.m. and counts for 8% of your course grade. Late
More informationWeb Application & Web Server Vulnerabilities Assessment Pankaj Sharma
Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma Indian Computer Emergency Response Team ( CERT - IN ) Department Of Information Technology 1 Agenda Introduction What are Web Applications?
More informationHow to create a secure WordPress install v1.1
Table of Contents: Table of Contents:... 1 Introduction... 2 Installing WordPress... 2 Accessing your WordPress tables... 2 Changing your WordPress Table Prefix... 3 Before Installation... 3 Manually Change...
More informationECCouncil Exam v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ]
s@lm@n ECCouncil Exam 312-50v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ] Topic break down Topic No. of Questions Topic 1: Background 38 Topic 3: Security 57 Topic 4: Tools
More informationThe OWASP Foundation
Application Bug Chaining July 2009 Mark Piper User Catalyst IT Ltd. markp@catalyst.net.nz Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms
More informationANTIVIRUS SITE PROTECTION (by SiteGuarding.com)
ANTIVIRUS SITE PROTECTION (by SiteGuarding.com) USER GUIDE Version 0.1.0 1 Table of content 1. INTRODUCTION. 3 2. HOW IT WORKS.... 6 3. HOW TO CONFIGURE.. 7 2 1. INTRODUCTION Antivirus Site Protection
More informationProtect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013
Protect Your Application with Secure Coding Practices Barrie Dempster & Jason Foy JAM306 February 6, 2013 BlackBerry Security Team Approximately 120 people work within the BlackBerry Security Team Security
More informationCS 142 Winter Session Management. Dan Boneh
CS 142 Winter 2009 Session Management Dan Boneh Sessions A sequence of requests and responses from one browser to one (or more) sites Session can be long (Gmail - two weeks) or short without session mgmt:
More informationHuman vs Artificial intelligence Battle of Trust
Human vs Artificial intelligence Battle of Trust Hemil Shah Co-CEO & Director Blueinfy Solutions Pvt Ltd About Hemil Shah hemil@blueinjfy.net Position -, Co-CEO & Director at BlueInfy Solutions, - Founder
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 12 Week of April 24, 2017 Question 1 Detection strategies (20 min) Suppose you are responsible for detecting attacks on the UC Berkeley network, and
More informationWeb Penetration Testing
Web Penetration Testing What is a Website How to hack a Website? Computer with OS and some servers. Apache, MySQL...etc Contains web application. PHP, Python...etc Web application is executed here and
More informationIf you re the administrator on any network,
Let s do an inventory! If you re the administrator on any network, chances are you ve already faced the need to make an inventory. In fact, keeping a list of all the computers, monitors, software and other
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationWebShell UDURRANI.COM
WebShell UDURRANI.COM Webshell is simply a backdoor used by attackers to enable remote administration and control. It s normally an obfuscated script i.e. php, cgi, aspx. Attacker could access webshell
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationArchitecture. Steven M. Bellovin October 31,
Architecture Steven M. Bellovin October 31, 2016 1 Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache
More informationInstructions 1 Elevation of Privilege Instructions
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3-6 players. Play starts with the 3 of Tampering. Play
More informationHosting and Web Apps The Obscurity of Security
Hosting and Web Apps The Obscurity of Security Quintin Russ Mike Jager OWASP New Zealand Day Auckland, NZ July 2010 "Immediately restore the most recent MySQL backup for our site and urgently explain how
More informationWeb Attacks Lab. 35 Points Group Lab Due Date: Lesson 16
CS482 SQL and XSS Attack Lab AY172 1 Web Attacks Lab 35 Points Group Lab Due Date: Lesson 16 Derived from c 2006-2014 Wenliang Du, Syracuse University. Do not redistribute with explicit consent from MAJ
More informationCIS 700/002 : Special Topics : OWASP ZED (ZAP)
CIS 700/002 : Special Topics : OWASP ZED (ZAP) Hitali Sheth CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering and Applied Science University of
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Midterm 1 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that any academic misconduct will be reported
More information(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection
Pattern Recognition and Applications Lab (System) Integrity attacks System Abuse, Malicious File upload, SQL Injection Igino Corona igino.corona (at) diee.unica.it Computer Security April 9, 2018 Department
More informationEngineering Robust Server Software
Engineering Robust Server Software Defense In Depth You Are Building YourAwesomeSite.com Django Built In Authen Sanitization Distrust clients Use all the best practices you know 2 You Are Building YourAwesomeSite.com
More informationLecture 3: Web Servers / PHP and Apache. CS 383 Web Development II Monday, January 29, 2018
Lecture 3: Web Servers / PHP and Apache CS 383 Web Development II Monday, January 29, 2018 Server Configuration One of the most common configurations of servers meant for web development is called a LAMP
More informationCS 161 Computer Security
Nick Weaver Fall 2018 CS 161 Computer Security Homework 3 Due: Friday, 19 October 2018, at 11:59pm Instructions. This homework is due Friday, 19 October 2018, at 11:59pm. No late homeworks will be accepted
More informationAssignment 6: Web Security
COS 432 November 20, 2017 Information Security Assignment 6: Web Security Assignment 6: Web Security This project is due on Monday, December 4 at 11:59 p.m.. Late submissions will be penalized by 10% per
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationAn analysis of security in a web application development process
An analysis of security in a web application development process Florent Gontharet Ethical Hacking University of Abertay Dundee MSc Ethical Hacking 2015 Table of Contents Abstract...2 Introduction...3
More informationlast time: command injection
Web Security 1 last time: command injection 2 placing user input in more complicated language SQL shell commands input accidentally treated as commands in language instead of single value (e.g. argument/string
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationSDR Guide to Complete the SDR
I. General Information You must list the Yale Servers & if Virtual their host Business Associate Agreement (BAA ) in place. Required for the new HIPAA rules Contract questions are critical if using 3 Lock
More informationAuthentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1
Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability
More informationCNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies
CNIT 129S: Securing Web Applications Ch 3: Web Application Technologies HTTP Hypertext Transfer Protocol (HTTP) Connectionless protocol Client sends an HTTP request to a Web server Gets an HTTP response
More informationTEL
2003 6 Snort TEL 06-2533131 2605 E-mail ccsu@mail.stut.edu.tw m9090102@email3.stut.edu.tw paper, we use Open Source like Snort[10] to construct the Intrusion Detection System (IDS). Snort system will produce
More informationSecuring Apache Tomcat. AppSec DC November The OWASP Foundation
Securing Apache Tomcat AppSec DC November 2009 Mark Thomas Senior Software Engineer & Consultant SpringSource mark.thomas@springsource.com +44 (0) 2380 111500 Copyright The Foundation Permission is granted
More informationBest practices with Snare Enterprise Agents
Best practices with Snare Enterprise Agents Snare Solutions About this document The Payment Card Industry Data Security Standard (PCI/DSS) documentation provides guidance on a set of baseline security
More information[This link is no longer available because the program has changed.] II. Security Overview
Security ------------------- I. 2 Intro Examples II. Security Overview III. Server Security: Offense + Defense IV. Unix Security + POLP V. Example: OKWS VI. How to Build a Website I. Intro Examples --------------------
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationCSCI 454/554 Computer and Network Security. Topic 8.4 Firewalls and Intrusion Detection Systems (IDS)
CSCI 454/554 Computer and Network Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Outline Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS
More informationYour Turn to Hack the OWASP Top 10!
OWASP Top 10 Web Application Security Risks Your Turn to Hack OWASP Top 10 using Mutillidae Born to Be Hacked Metasploit in VMWare Page 1 https://www.owasp.org/index.php/main_page The Open Web Application
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 Similar statements are found in most content hosting website privacy policies. What is it about how the internet works that makes this statement necessary
More informationThe Ultimate Windows 10 Hardening Guide: What to Do to Make Hackers Pick Someone Else
The Ultimate Windows 10 Hardening Guide: What to Do to Make Hackers Pick Someone Else Paula Januszkiewicz CQURE: CEO, Penetration Tester CQURE Offices: New York, Dubai, Warsaw MVP: Enterprise Security,
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 First, the news The Great Cannon of China https://citizenlab.org/2015/04/chinas-great-cannon/ KAMI VANIEA 2 Today Open System Interconnect (OSI) model
More informationApplication Authorization with SET ROLE. Aurynn Shaw, Command Prompt, Inc. PGCon 2010
Application Authorization with SET ROLE Aurynn Shaw, Command Prompt, Inc. PGCon 2010 Hi Hi Aurynn Shaw DBA/Lead Dev/PM/etc @ Command Prompt * Today we re talking about AuthZ in PG * Benefits, drawbacks,
More informationOutline. Internet Security Mechanisms. Basic Terms. Example Attacks
Outline AIT 682: Network and Systems Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS Anomaly
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Instructor: Dr. Kun Sun Firewalls Filtering firewalls Proxy firewalls Outline Intrusion Detection System
More informationThe security of Mozilla Firefox s Extensions. Kristjan Krips
The security of Mozilla Firefox s Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationIntroduction to UNIX. Logging in. Basic System Architecture 10/7/10. most systems have graphical login on Linux machines
Introduction to UNIX Logging in Basic system architecture Getting help Intro to shell (tcsh) Basic UNIX File Maintenance Intro to emacs I/O Redirection Shell scripts Logging in most systems have graphical
More informationBIG-IP Application Security Manager : Attack and Bot Signatures. Version 13.0
BIG-IP Application Security Manager : Attack and Bot Signatures Version 13.0 Table of Contents Table of Contents Assigning Attack Signatures to Security Policies...5 About attack signatures...5 About
More informationAttacking the Application OWASP. The OWASP Foundation. Dave Ferguson, CISSP Security Consultant FishNet Security.
Attacking the Application Dave Ferguson, CISSP Security Consultant FishNet Security Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the
More informationTextual Manipulation for SQL Injection Attacks
I.J.Computer Network and Information Security, 2014, 1, 26-33 Published Online November 2013in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2014.01.04 Textual Manipulation for SQL Injection Attacks
More informationModSecurity 2.5. Securing your Apache installation and web applications. Prevent web application hacking with this easy-to-use guide.
ModSecurity 2.5 Securing your Apache installation and web applications Prevent web application hacking with this easy-to-use guide Magnus Mischel BIRMINGHAM - MUMBAI ModSecurity 2.5 Securing your Apache
More informationIDS signature matching with iptables, psad, and fwsnort
M I K E R A S H IDS signature matching with iptables, psad, and fwsnort Michael Rash holds a Master s degree in Applied Mathematics and works as a Security Architect for Enterasys Networks, Inc. He is
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Cross-site Scripting What is Cross-site Scripting (XSS)? Vulnerability in web application that enables attackers to inject client-side
More informationshortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge
shortcut Your Short Cut to Knowledge The following is an excerpt from a Short Cut published by one of the Pearson Education imprints. Short Cuts are short, concise, PDF documents designed specifically
More information